[Snort-devel] tcpdump for false alert on sid:1845

Russell Fulton r.fulton at ...1343...
Wed Oct 30 19:49:02 EST 2002


Hi All,
	I am running the production release of 1.9.0 and all seems to be well
except that I am getting a lot of false hits on rules 1845 and 1844. 
This did not happen on the beta 6 release that I was running before.

I have managed to get a tcpdump file with a single IMAP session that
illustrates the problem (attached).

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcpd
Type: application/octet-stream
Size: 1101 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20021030/80f4f3cc/attachment.obj>


More information about the Snort-devel mailing list